We improved Hale, a botnet Command & Control (C&C) monitoring tool developed during Google Summer of Code 2010.

We developed and publicly released pylibemu, a libemu wrapper coded in Cython.

We publicly released maltracer, a Win32 Python tool for tracing malware activity on infected hosts.

We are currently designing and developing a completely new pure Python honeyclient implementation, building on the experience gained while developing PhoneyC. We hope to be able to release this project before the end of this year.

We are currently developing a new tool for malware analysis. Its core is essentially a sandbox, but it allows the analysis to be greatly extended through family-specific plugins (plugins for Zeus and SpyEye are currently available).

We are currently designing and developing an Android application sandbox for dynamic analysis during the Google Summer of Code 2011.

FINDINGS

We identified a new, reliable technique for real-time clustering of Fast-Flux botnets. The algorithm is already implemented and running within the TIP framework, but it is not yet public. We are currently considering writing a paper that describes this technique.

Moreover, we were frequently invited to give educational presentations and to teach university classes on topics related to new and emerging threats.

GOALS

In 2011 we would like to continue improving the tools we have already released. Moreover, we hope to be able to release the new tools we are working on (see Section "Research and Development" for further details).